Extracting Passwords from Qihoo 360 Safe Browser and Tor Browser

August 11th, 2020 by Oleg Afonin
Category: «Elcomsoft News»

Tor Browser is a well-known tool for browsing the Web while renaming anonymous, while Qihoo 360 Safe Browser is one of China’s most popular desktop Web browsers. According to some sources, it might be the second most-popular desktop Web browser in China. Like many other Chromium-based browsers, 360 Safe Browser offers the ability to save and securely store website passwords, but the implementation is unexpectedly different from most other browsers. An update to Elcomsoft Internet Password Breaker enables the extraction of Qihoo 360 Safe Browser and Tor Browser passwords. Does the “360 Safe” moniker stand the trial, and is Tor really anonymous? Read along to find out!

Qihoo 360 Safe Browser

Developed by Qihoo, 360 Safe Browser is based on the Chromium engine like many of its competitors. Being the second most-popular desktop Web browser in China, 360 Safe Browser is marketed as a browser focused on security. Along with QQ Browser and UC Browser, 360 Safe Browser is part of the big three Chinese Web browsers. Similar to other Chromium-based Web browsers, 360 Safe Browser can save users’ passwords into an encrypted database.

The passwords are stored in a SQLite3 database in the following file:

%UserProfile%\AppData\Roaming\360se6\User Data\Default\apps\LoginAssis\assis2.db

Unlike all of its rivals who employ some sort of AES-256 encryption, the developers from Qihoo chose the lesser AES-128-CBC algorithm. Despite the shorter key length, the encryption algorithm would still be enough to securely protect stored passwords if it was properly implemented. Well, it is not.

While the passwords in the database are encrypted, but the encryption key can be produced easily by reading the Machine ID, which, in turn, is stored in the computer’s Registry. As a result, an attacker wouldn’t even have to authenticate into the user’s Windows account (or hijack an active session) in order to extract passwords from 360 Safe Browser. So much for the “360 Safe” moniker.

Using Elcomsoft Internet Password Breaker to extract passwords from Qihoo 360 Safe Browser

Elcomsoft Internet Password Breaker 3.30 can extract stored passwords from QQ Browser as well as a bunch of other popular browsers and email clients. This includes the latest versions of Google Chrome, Mozilla Firefox, both versions of Microsoft Edge (universal and Chromium-based), as well as Microsoft Internet Explorer, Opera, and Tor. Popular email clients such as Windows Mail (Windows 10), Microsoft Outlook and Thunderbird are also supported. Last but not least, we’ve added support for Yandex Browser, Russia’s second most popular desktop Web browser.

In order to extract passwords from 360 Safe Browser, simply run the tool on the computer with Qihoo 360 Safe Browser installed.

To extract passwords from 360 Safe Browser, do the following.

  1. Launch Elcomsoft Internet Password Breaker.
  2. Select Web Browsers from the menu and choose 360 Safe Browser.
  3. In a few seconds, the list of passwords will appear.
  4. Alternatively, you may want to create a filtered dictionary to use with one of our password recovery tools. You can do this by clicking the “Export” button. In this mode, all passwords stored in all installed Web browsers will be exported.

Tor Browser

The Tor Browser is based on a modified version of Mozilla Firefox, with Microsoft Windows, macOS and Linux versions available for desktop computers. The Tor Browser is designed to deliver full anonymity to its users. By default, the browser launches in Private Browsing mode, deleting privacy-sensitive data such as HTTP cookies and the browsing history upon termination of a session.

Unlike rival Web browsers, Tor’s default settings disable the password management facilities it inherited from the Firefox source. However, users can manually enable the ability to save passwords by launching the browser in non-private mode. Any passwords stored in this mode remain accessible even if Tor is re-launched in its default Private Browsing mode. If this is the case, Elcomsoft Internet Password Breaker 3.30 can instantly extract and decrypt passwords kept in the Tor Browser’s password storage.

To extract passwords stored in the Tor browser, follow the same steps described in the previous chapter; the only difference is selecting Tor Browser from the main Web Browsers menu:

Once you perform the required steps, the passwords will be displayed. You can easily export them by using the Export Passwords button on the main toolbar.

Once you export the password list, you can review the passwords to learn about the user’s password creation habits. Is there a certain pattern to the passwords? Is the same base word or phrase used over and over again with a numeric suffix and maybe a special character at the end? Building a high-quality custom dictionary that contains all of the user’s cached passwords is now possible with a single click. You can import the user’s passwords as a custom dictionary into Elcomsoft Distributed Password Recovery. Just a few minutes of work may help you solve the case much faster compared to using off-the-shelf dictionaries.


REFERENCES:

Elcomsoft Internet Password Breaker

Elcomsoft Internet Password Breaker instantly reveals passwords to Web sites, identities, and mailboxes stored in a variety of applications. Supporting all popular Web browsers and all versions of Outlook Express, Microsoft Outlook, Windows Mail and Windows Live Mail, Elcomsoft Internet Password Breaker helps you retrieve the login and password information to a wide variety of resources.

Elcomsoft Internet Password Breaker official web page & downloads »